How severe is CVE-2025-62877?

CVE-2025-62877 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2025-62877

9.8CRITICAL

Projects using the SUSE Virtualization (Harvester) environment may expose the OS default ssh login password if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster o

Veröffentlicht: 1/8/2026Aktualisiert: 1/8/2026

Beschreibung

Projects using the SUSE Virtualization (Harvester) environment may expose the OS default ssh login password if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if the PXE boot mechanism is utilized along with the Harvester configuration setup.

KI-AnalyseKI-gestützt

Referenzen

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-62877
https://github.com/harvester/harvester/security/advisories/GHSA-6g8q-hp2j-gvwv